Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for providing communication nodes, acting as intermediate routers for communication packets transmitted between a source node and a destination node, with different access rights to the fields of the routed communication packets, the method comprising: at a source node, discovering a plurality of routes of intermediate routers between the source node and the destination node; at a source node, collecting the identities of the intermediate routers on each of the plurality of discovered routes; at a source node, computing the aggregate trust levels of the intermediate routers for each of the plurality of discovered routes; at a source node, selecting a most trusted route of the discovered routes based on the computed aggregate trust levels; at a source node, computing, and securely distributing, encryption keys to each intermediate router on the most trusted route based on the trust level of the respective intermediate router; and at a source node, encrypting fields of the communication packets with corresponding encryption keys.
2. A method in accordance with claim 1, further comprising the source node and the destination node authenticating with each other.
3. A method in accordance with claim 2, further comprising authenticating the intermediate routers to the source and destination nodes.
4. A method in accordance with claim 2, wherein the source node and the destination node authenticating with each other, comprising sending messages containing public key certificates of the corresponding device.
5. A method in accordance with claim 1, further comprising redistributing encryption keys based on behavior of the intermediate routers.
6. A method in accordance with claim 1, wherein collecting identities of intermediate routers on the routes comprises adding public key certificates of the intermediate routers to messages sent from the intermediate routers.
7. A method in accordance with claim 1, wherein computing the aggregate trust levels of the intermediate routers comprises taking the minimum value of the trust levels of the intermediate router assessed by the source node and the destination node.
8. A method in accordance with claim 1, wherein selecting the most trusted route of the discovered routes comprises the source node selecting among all the discovered routes the route with the most trusted weakest intermediate router.
9. A method in accordance with claim 1, further comprising the source node generating encryption keys for each field of the communication packets.
10. A method in accordance with claim 1, wherein securely distributing encryption keys to intermediate routers on the most trusted route comprises the source node encrypting the key with a public key of the intermediate router and signing the encrypted key with the private key of the source node.
11. A method in accordance with claim 1, wherein computing encryption keys is performed by the source node.
12. A method in accordance with claim 1, further comprising: detecting malicious behavior of intermediate routers; and if malicious behavior is detected in an intermediate router: reducing the trust level of the intermediate router; updating the aggregate trust levels of the intermediate routers; selecting a new most trusted route of the discovered routes; and distributing new encryption keys to the intermediate routers on the new most trusted route in accordance with the reduced trust level of the intermediate router.
13. A method in accordance with claim 1, further comprising: detecting cooperative behavior of intermediate routers; and if cooperative behavior is detected in an intermediate router: increasing the trust level of the intermediate router; updating the aggregate trust levels of the intermediate routers; selecting a new most trusted route of the discovered routes; and distributing new encryption keys to the intermediate routers on the new most trusted route in accordance with the increased trust level of the intermediate router.
14. A method in accordance with claim 1, wherein securely distributing the encryption keys comprises providing a different number of encryption keys to the intermediate routers on the most trusted route based on the trust level of the intermediate routers.
15. A method in accordance with claim 14, wherein the fields of each communication packet comprises a plurality of headers in addition to a data payload, and encrypting fields of the communication packets comprises encrypting each header using a different encryption key and encrypting the data payload using an encryption key that is different from the encryption key used for encrypting any of the headers.
16. A method in accordance with claim 1, wherein encrypting the fields of the communication packets with corresponding encryption keys comprises encrypting at least a header portion of the communication packets such that it is decryptable by at least one intermediate router using said distributed encryption keys and encrypting at least an encrypted data portion of the communication packets such that it is not decryptable by at least one intermediate router using said distributed encryption keys.
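The route-selection and key-allocation logic of claims 7, 8, 12 and 14 can be sketched as follows. This is an added example, not code from the patent or its applicant: the router names, trust values, per-header trust thresholds and the penalty factor are all constructed assumptions, and the cryptographic key wrapping of claim 10 is left out.

```python
# Added illustration of claims 7, 8, 12 and 14. Router names, trust values,
# thresholds and the penalty factor are constructed, not taken from the patent.

# Assumed policy: minimum aggregate trust a router needs to receive each header key.
# The payload key is never handed to intermediate routers in this sketch.
HEADER_KEY_THRESHOLD = {"routing_header": 0.0, "transport_header": 0.5, "app_header": 0.8}

ROUTES = [("A", "B"), ("C", "D"), ("E",)]          # constructed discovered routes
SRC_VIEW = {"A": 0.9, "B": 0.6, "C": 0.7, "D": 0.9, "E": 0.4}    # source's assessment
DST_VIEW = {"A": 0.8, "B": 0.7, "C": 0.85, "D": 0.85, "E": 0.9}  # destination's assessment

def aggregate_trust(src_view, dst_view):
    """Claim 7: a router's trust is the minimum of the two endpoints' assessments."""
    return {r: min(src_view[r], dst_view[r]) for r in src_view}

def route_score(route, trust):
    """Trust level of the weakest intermediate router on the route."""
    return min(trust[r] for r in route)

def select_route(routes, trust):
    """Claim 8: pick the route whose weakest router is the most trusted."""
    return max(routes, key=lambda route: route_score(route, trust))

def keys_for(route, trust):
    """Claim 14: routers receive a different number of keys depending on trust."""
    return {r: [f for f, need in HEADER_KEY_THRESHOLD.items() if trust[r] >= need]
            for r in route}

def penalize(trust, router, factor=0.5):
    """Claim 12: lower a misbehaving router's trust (multiplicative factor assumed)."""
    updated = dict(trust)
    updated[router] *= factor
    return updated

if __name__ == "__main__":
    trust = aggregate_trust(SRC_VIEW, DST_VIEW)
    best = select_route(ROUTES, trust)
    print(best, keys_for(best, trust))
    trust = penalize(trust, "C")          # C detected misbehaving
    best = select_route(ROUTES, trust)    # re-select, then redistribute keys
    print(best, keys_for(best, trust))
```

Because the route score is the minimum over its routers, one low-trust hop disqualifies an otherwise strong route, which is why penalizing a single router is enough to move traffic and trigger a key redistribution.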
August 14, 2012